* [bitcoin-dev] Upcoming DOS vulnerability announcements for Bitcoin Core
@ 2015-06-27 6:21 Gregory Maxwell
2015-06-27 7:49 ` Wladimir J. van der Laan
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Gregory Maxwell @ 2015-06-27 6:21 UTC (permalink / raw)
To: bitcoin-dev
On July 7th I will be making public details of several serious denial of
service vulnerabilities which have fixed in recent versions of Bitcoin Core,
including CVE-2015-3641.
I strongly recommend anyone running production nodes exposed to inbound
connections from the internet upgrade to 0.10.2 as soon as possible.
Upgrading older systems, especially miners, is also important due to the
BIP66 soft-fork which is about to reach enforcing status, see also:
http://sourceforge.net/p/bitcoin/mailman/message/34199290/
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [bitcoin-dev] Upcoming DOS vulnerability announcements for Bitcoin Core
2015-06-27 6:21 [bitcoin-dev] Upcoming DOS vulnerability announcements for Bitcoin Core Gregory Maxwell
@ 2015-06-27 7:49 ` Wladimir J. van der Laan
[not found] ` <CAOC2i373Bg2v_CHDicn74RFsjZDwwDW5cGQ=01o9YNnU8Tr27w@mail.gmail.com>
2015-07-07 23:14 ` Gregory Maxwell
2 siblings, 0 replies; 6+ messages in thread
From: Wladimir J. van der Laan @ 2015-06-27 7:49 UTC (permalink / raw)
To: Gregory Maxwell; +Cc: bitcoin-dev
On Sat, Jun 27, 2015 at 06:21:03AM +0000, Gregory Maxwell wrote:
> http://sourceforge.net/p/bitcoin/mailman/message/34199290/
New archive link:
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-June/008578.html
Wladimir
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [bitcoin-dev] Upcoming DOS vulnerability announcements for Bitcoin Core
[not found] ` <CAOC2i373Bg2v_CHDicn74RFsjZDwwDW5cGQ=01o9YNnU8Tr27w@mail.gmail.com>
@ 2015-06-27 17:55 ` Thomas Pryds
2015-06-27 18:22 ` Jameson Lopp
0 siblings, 1 reply; 6+ messages in thread
From: Thomas Pryds @ 2015-06-27 17:55 UTC (permalink / raw)
To: bitcoin-dev
[-- Attachment #1: Type: text/plain, Size: 363 bytes --]
Den 27/06/2015 08.21 skrev "Gregory Maxwell" <gmaxwell@gmail.com>:
> I strongly recommend anyone running production nodes exposed to inbound
> connections from the internet upgrade to 0.10.2 as soon as possible.
Does anybody know when/if 0.10.2 will be available on the Ubuntu PPA?
I could of course just install manually, but I like the convenience of a
PPA.
[-- Attachment #2: Type: text/html, Size: 504 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [bitcoin-dev] Upcoming DOS vulnerability announcements for Bitcoin Core
2015-06-27 17:55 ` Thomas Pryds
@ 2015-06-27 18:22 ` Jameson Lopp
2015-06-27 20:53 ` Thomas Pryds
0 siblings, 1 reply; 6+ messages in thread
From: Jameson Lopp @ 2015-06-27 18:22 UTC (permalink / raw)
To: Thomas Pryds; +Cc: bitcoin-dev
[-- Attachment #1: Type: text/plain, Size: 877 bytes --]
According to the release notes, the 0.10.2 release only had notable changes
for Windows. https://bitcoin.org/en/release/v0.10.2
It's not clear that there were any vulnerability patches in 0.10.2 itself
that apply to Ubuntu.
- Jameson
On Sat, Jun 27, 2015 at 1:55 PM, Thomas Pryds <thomas@pryds.eu> wrote:
>
> Den 27/06/2015 08.21 skrev "Gregory Maxwell" <gmaxwell@gmail.com>:
>
> > I strongly recommend anyone running production nodes exposed to inbound
> > connections from the internet upgrade to 0.10.2 as soon as possible.
>
> Does anybody know when/if 0.10.2 will be available on the Ubuntu PPA?
>
> I could of course just install manually, but I like the convenience of a
> PPA.
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
>
[-- Attachment #2: Type: text/html, Size: 1614 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [bitcoin-dev] Upcoming DOS vulnerability announcements for Bitcoin Core
2015-06-27 18:22 ` Jameson Lopp
@ 2015-06-27 20:53 ` Thomas Pryds
0 siblings, 0 replies; 6+ messages in thread
From: Thomas Pryds @ 2015-06-27 20:53 UTC (permalink / raw)
To: bitcoin-dev
[-- Attachment #1: Type: text/plain, Size: 270 bytes --]
Den 27/06/2015 20.22 skrev "Jameson Lopp" <jameson.lopp@gmail.com>:
>
> According to the release notes, the 0.10.2 release only had notable
changes for Windows. https://bitcoin.org/en/release/v0.10.2
Ah, makes sense, then, that the PPA doesn't carry 0.10.2. Thank you.
[-- Attachment #2: Type: text/html, Size: 444 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [bitcoin-dev] Upcoming DOS vulnerability announcements for Bitcoin Core
2015-06-27 6:21 [bitcoin-dev] Upcoming DOS vulnerability announcements for Bitcoin Core Gregory Maxwell
2015-06-27 7:49 ` Wladimir J. van der Laan
[not found] ` <CAOC2i373Bg2v_CHDicn74RFsjZDwwDW5cGQ=01o9YNnU8Tr27w@mail.gmail.com>
@ 2015-07-07 23:14 ` Gregory Maxwell
2 siblings, 0 replies; 6+ messages in thread
From: Gregory Maxwell @ 2015-07-07 23:14 UTC (permalink / raw)
To: bitcoin-dev
On Sat, Jun 27, 2015 at 6:21 AM, Gregory Maxwell <gmaxwell@gmail.com> wrote:
> On July 7th I will be making public details of several serious denial of
> service vulnerabilities which have fixed in recent versions of Bitcoin Core,
> including CVE-2015-3641.
>
> I strongly recommend anyone running production nodes exposed to inbound
> connections from the internet upgrade to 0.10.2 as soon as possible.
>
> Upgrading older systems, especially miners, is also important due to the
> BIP66 soft-fork which is about to reach enforcing status, see also:
> http://sourceforge.net/p/bitcoin/mailman/message/34199290/
Just an update here-- I'm delaying this somewhat due to recent network
turbulance and unusual attempted DOS attack activity on relayed
infrastructure.
I've also had some requests from other cryptocurrency implementors to
use a somewhat longer horizon here.
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2015-07-07 23:14 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-06-27 6:21 [bitcoin-dev] Upcoming DOS vulnerability announcements for Bitcoin Core Gregory Maxwell
2015-06-27 7:49 ` Wladimir J. van der Laan
[not found] ` <CAOC2i373Bg2v_CHDicn74RFsjZDwwDW5cGQ=01o9YNnU8Tr27w@mail.gmail.com>
2015-06-27 17:55 ` Thomas Pryds
2015-06-27 18:22 ` Jameson Lopp
2015-06-27 20:53 ` Thomas Pryds
2015-07-07 23:14 ` Gregory Maxwell
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox